Hacking Exposed Live: Mobile Targeted Threats
CrowdStrike
http://www.hackingexposed7.com/
1.
George Kurtz, President & CEO, CrowdStrike
Georg Wicherski, Senior Security Researcher, CrowdStrike
Alex Radocea, Senior Security Researcher, CrowdStrike
© 2012 CrowdStrike, Inc. All rights reserved.
2.
BEFORE WE GET STARTED…
• Questions
  – Via GoToWebinar in the Questions tab
  – All ?’s will be addressed at the end of the session
  – Via Twitter
  – Engage real-time: @CrowdStrike #hackingexposed7
3.
A LITTLE ABOUT US
GEORGE KURTZ
President & CEO, CrowdStrike
• In security for ~20 years
• Former CTO, McAfee
• Former CEO, Foundstone
• Co-Author, Hacking Exposed
• Twitter: @George_Kurtz
• Blog: www.securitybattlefield.com
4.
A LITTLE ABOUT US
GEORG WICHERSKI
Senior Security Researcher, CrowdStrike
• Focuses on analyzing advanced threats
• Likes to put himself in the attackers’ shoes
• Loves working low level on bytecode
• New interest in ARM architecture
• Twitter: @ochsff
5.
A LITTLE ABOUT US
ALEX RADOCEA
Senior Engineer, CrowdStrike
• Application Security Assessment at Matasano
• Product Security Team at Apple
• Dabbles in hardware reverse engineering
• Upcoming talk: Ekoparty 2012
• Twitter: @defendtheworld
6.
THREAT EVOLUTION AND OUTLINE
Commercial RATs
• Manually installed
• “Spy on your girlfriend”
Targeted RATs
• Observed Real World Attacks
• Simple, regular Apps
Advanced Threats
• Demo of Browser based compromise
• What are we just not seeing?
7.
WHAT IS A RAT?
• Remote Access Tools, better known as RATs
• Post-exploitation tool
• Allows administrative controls over the compromised system
• Adversaries have been targeting conventional computing platforms (PC) for many years
8.
RAT FUNCTIONALITY
• Backdoor functionality and a host of other nefarious features
  – Activate video cameras and microphones
  – Take pictures of remote systems
  – Exfiltration - send back files
  – Run remote commands
  – Log keystrokes
9.
GRANDDADDY OF RATS
• Back Orifice
• Netbus
10.
WHAT IS UBIQUITOUS?
11.
HAS A CAMERA?
12.
HAS A MICROPHONE?
13.
KNOWS WHERE YOU ARE?
14.
IS ALWAYS ON?
15.
…AND STORES YOUR SENSITIVE INFORMATION?
17.
DAWN OF A NEW ERA
Mobile RATs
• Mobile RATs
• Smartphones are PCs that fit in the palm of your hand
• Perfect tool to:
  – Intercept calls
  – Intercept TXTs
  – Intercept emails
  – Capture remote video
  – Listen to sensitive conversations
  – Track location via GPS
19.
COMMERCIAL RAT DELIVERY
• Usually require physical access to target device
• The attacker must know the target’s password or the device must be unlocked
• Manual installation via web page or 3rd party market
• iOS devices require a jail break
20.
FlexiSPY
• Emerged in 2006 timeframe as a consumer-marketed cell phone spying software
• Capabilities include:
  – Monitoring email
  – Monitoring SMS/MMS
  – Monitoring chat/Facebook/WhatsApp
  – Number flagging
  – Call intercept (only live calls)
  – Hot Mic
  – SMS C2
21.
FlexiSPY LOGS
23.
TARGETED RATs
• Android: Mostly regular Apps
  – Written in Java using the Android SDK and compiled to Dalvik code
  – Often not even obfuscated (original names retained)
  – There are public SDK tools to conceal at least names of non-exported classes and members
  – Easy process to reverse to Java code (.dex → .class → .java)
  – Visibility issue or principle of least effort required?
• iOS targeted RAT ecosystem largely unexplored
  – But commercial RATs well-known and documented
  – Happening for sure but just no good visibility
24.
CASE STUDY: LUCKY CAT (background)
• Targeted Espionage-Type Operation
  – Engineering and Research targets
  – Political activists
• Windows Malware Attributed to Chinese developers
  – Likely government sponsored civil hacktivism
  – First seen in June 2011
  http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf
• Android malware LuckyCat.A found on C2 servers
25.
LUCKYCAT.A ANALYSIS
• Simple Service based App that registers for BOOTUP intent
  – Starts automatically when phone is turned on
• Reports general information (phone number, IMEI, …) on connect
• Can read and write arbitrary files and list directories
  – Linux is Unix, “Anything is a file”
  – All logic and parsing on C2 (client) side, not exposed to analysis
• Utilizes custom “encryption” / obfuscation algorithm
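A manifest triage for the traits this slide lists (service-based app, boot receiver, phone number and IMEI reporting), added here as an example and not part of the original deck or of any CrowdStrike tooling. It assumes a decoded text manifest (for example from apktool); the Android boot broadcast is `android.intent.action.BOOT_COMPLETED`, the permission mapping is an assumption about what those behaviours require, and both sample manifests are constructed. A match is a reason to review an app, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"
MAIN = "android.intent.action.MAIN"
LAUNCHER = "android.intent.category.LAUNCHER"

# Assumption: the slide lists behaviours, not permissions. These are the
# standard Android permissions those behaviours would need.
BEHAVIOUR_PERMS = {
    BOOT_PERM: "start at boot",
    "android.permission.READ_PHONE_STATE": "read phone number / IMEI",
    "android.permission.INTERNET": "network beacon",
}

# Constructed manifests (decoded text XML), not taken from a real sample.
SAMPLE_HEADLESS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Updater">
    <service android:name=".CoreService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

SAMPLE_ORDINARY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def _names(parent, tag):
    """Collect the android:name attribute of every <tag> below parent."""
    return {el.get(NAME) for el in parent.iter(tag)}


def triage_manifest(xml_text):
    """Summarise boot persistence and headless-service traits of one manifest."""
    root = ET.fromstring(xml_text)
    perms = _names(root, "uses-permission")
    app = root.find("application")
    boot_receivers, services, has_launcher = [], [], False
    if app is not None:
        services = [s.get(NAME) for s in app.iter("service")]
        boot_receivers = [r.get(NAME) for r in app.iter("receiver")
                          if BOOT_ACTION in _names(r, "action")]
        for tag in ("activity", "activity-alias"):
            for filt in (f for a in app.iter(tag) for f in a.iter("intent-filter")):
                if MAIN in _names(filt, "action") and LAUNCHER in _names(filt, "category"):
                    has_launcher = True
    # The boot broadcast is only delivered if the permission is also requested.
    starts_at_boot = bool(boot_receivers) and BOOT_PERM in perms
    behaviours = sorted(why for perm, why in BEHAVIOUR_PERMS.items() if perm in perms)
    return {
        "package": root.get("package"),
        "boot_receivers": boot_receivers,
        "services": services,
        "has_launcher": has_launcher,  # False: no icon the user could notice
        "starts_at_boot": starts_at_boot,
        "behaviours": behaviours,
        # Review when the app persists across reboots, runs a service and
        # holds every permission the listed behaviours need.
        "review": starts_at_boot and bool(services)
                  and len(behaviours) == len(BEHAVIOUR_PERMS),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_HEADLESS, SAMPLE_ORDINARY):
        print(triage_manifest(sample))
```

Plenty of legitimate apps start a service at boot, so the `review` flag is best combined with other signals such as the install source and the absence of a launcher activity.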
26.
LUCKYCAT.A BEACON INFORMATION
• Obtains current phone number
  – Chinese error / status message
• Beacons
  – Phone number as MAC
  – Current IP
  – Per-incident identifier
27.
LUCKYCAT.A FILE COMMANDS
• Only supports file based commands
  – Directory content listing
  – Download / upload file from / to phone
• Any interaction with system must be done with this simple mechanism
29.
FINSPY MOBILE FOR IOS
• Commercial mobile RAT sold to governments
  – “Enterprise” Software development
  – Proper encryption, communication protocol, ...
• Analyzed iOS sample stolen demo binary
  – Courtesy of CitizenLab.org
• Capabilities similar to previous commercial RATs
• iOS variant requires jail broken device or LPE exploit
30.
FINSPY MOBILE FOR IOS INSTALLATION
• One initial dropper, install_manager.app
• Ad-Hoc distribution with hardcoded UDIDs to run on
• Certificate registered to Gamma International, Inc.
• Drops the four FinSpy binaries to suid’able directories
  – installer, manages persistence in system
  – logind.app, daemon wrapper invoked by launchd on boot
  – trampoline.app, a broken no-op in our sample
  – SyncData.app, the main backdoor that calls home
31.
FINSPY LPE MISSING LINK
• installer.app copies binaries to /Application and /System
• On a non-jail broken device prohibited by sandbox
• installer.app requests root privilege with seteuid(0)
• Typical for a program started with suid bit
• install_manager.app searches suid’able partitions
32.
FINSPY LPE MISSING LINK CONT.
• trampoline.app a no-op in our binary
  – Invoked by install_manager.app with path to installer
  – Includes snippets that builds paths from arguments
  – Apparently cut-off / sanitized at source level
• Placeholder to disable sandbox and suid installer to infect non-jail broken devices?
  – Given trampoline.app not an exploit itself
  – Checked all entry points and loader behavior
33.
UDID LEAK IMPACT
• 1,000,000 UDIDs leaked
• UDID, APNs tokens, device name leaked from unknown source
• Ad-hoc distribution profile requires UDID, each profile has up to 100 devices
  – User-interaction required for installation
  – Code still sandboxed
• Device information reportedly leaked from Blue Toad
35.
FEASIBILITY STUDY RATIONALE
• Mobile exploits being actively bought on the “market”
  – iOS, BlackBerry, Android (loosely ordered by price)
  – Remote: Baseband, Browser and SMS Apps
  – Local: Really anything that gets you elevated privileges
• Development of payload up to the customer
  – FinSpy Mobile looks like good fit for LPE trampoline.app
• We know these attacks are out there yet we do not have conclusive evidence.
• “If the mobile manufacturers don’t give us root privileges, only the attackers will have root privileges.”
36.
ANDROID 4.0.1 BROWSER EXPLOIT
• Vulnerability in Webkit (fixed in 4.0.2, public since Nov 2011)
  – No CVE assigned, just a bug leading to degraded user experience…
• Circumvents XN & partial ASLR on Android 4.0.1
  – Android ≥ 2.3 activates XN, comparable to x86 NX bit
  – Requires hardware support but most phones do support it
  – Android ≥ 4.0 adds partial ASLR
  – Heap, stack and dynamic linker still at predictable address
  – Android ≥ 4.1 adds full ASLR
• Use ROP in the dynamic linker to circumvent 4.0 mitigations
37.
FEASIBILITY FOR NATIVE RAT FOR ANDROID
• Native stand-alone executables are easily built using the NDK
  – Creating a Makefile and a “Hello World” is < 2 hours if familiar with GCC
• Huge amount of new “App Analysis (Dalvik) Experts”
  – Has anyone of those ever analyzed native ARM code?
  – Can anyone of those handle a simple UPX packed binary?
• No Rootkit required, people barely look at native processes
  – Native processes do not show up in Android or 3rd party Task Managers
  – Potentially visible in ps but trivially obfuscated
  – strcpy(argv[0], “…”)
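The `argv[0]` rename on this slide changes what `ps` prints but not the kernel's record of the binary, so comparing `/proc/<pid>/cmdline` with the `/proc/<pid>/exe` link exposes it. The scanner below is an added example, not code from the deck; the allowlist of legitimately renamed binaries and the sample `/proc` snapshot (PIDs, paths) are constructed assumptions.

```python
import os
import tempfile

# Binaries whose processes legitimately show a different name: Android apps are
# forked from zygote (exe is app_process*, cmdline is the package name), and
# multi-call binaries are started through per-tool symlinks.
EXPECTED_RENAMERS = {"app_process", "app_process32", "app_process64",
                     "toolbox", "toybox", "busybox"}
DELETED = " (deleted)"  # suffix the kernel adds when the binary was unlinked


def read_argv(proc_root, pid):
    """Return argv as /proc/<pid>/cmdline reports it (NUL-separated)."""
    try:
        with open(os.path.join(proc_root, pid, "cmdline"), "rb") as fh:
            raw = fh.read()
    except OSError:
        return []
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def read_exe(proc_root, pid):
    """Return the kernel's view of the binary, or None if unavailable.

    The link is missing for kernel threads and unreadable for other users'
    processes unless the scan runs as root.
    """
    try:
        return os.readlink(os.path.join(proc_root, pid, "exe"))
    except OSError:
        return None


def scan_proc(proc_root="/proc"):
    """List processes whose displayed name disagrees with their binary."""
    findings = []
    pids = sorted((d for d in os.listdir(proc_root) if d.isdigit()), key=int)
    for pid in pids:
        exe = read_exe(proc_root, pid)
        if exe is None:
            continue
        argv = read_argv(proc_root, pid)
        reasons = []
        if exe.endswith(DELETED):
            exe = exe[:-len(DELETED)]
            reasons.append("executable deleted from disk")
        exe_name = os.path.basename(exe)
        if exe_name not in EXPECTED_RENAMERS:
            # Login shells carry a leading "-"; strip it before comparing.
            # An emptied argv compares as "" and is flagged as well.
            argv0 = argv[0].lstrip("-") if argv else ""
            if os.path.basename(argv0) != exe_name:
                reasons.append("argv[0] %r does not match exe name %r"
                               % (argv0, exe_name))
        if reasons:
            findings.append({"pid": int(pid), "exe": exe,
                             "argv": argv, "reasons": reasons})
    return findings


def build_sample_proc(root):
    """Write a constructed /proc snapshot (not captured from a device)."""
    sample = {
        "1": (b"/init\0", "/init"),
        "2": (b"", None),  # kernel thread: no exe link
        "120": (b"com.android.phone\0", "/system/bin/app_process"),
        "431": (b"/system/bin/mediaserver\0", "/data/local/tmp/.svc"),
        "502": (b"upd\0", "/data/local/tmp/upd" + DELETED),
    }
    for pid, (cmdline, exe) in sample.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "cmdline"), "wb") as fh:
            fh.write(cmdline)
        if exe is not None:
            os.symlink(exe, os.path.join(root, pid, "exe"))
    os.makedirs(os.path.join(root, "net"))  # non-numeric entries are ignored


def scan_sample():
    """Run the scanner over the constructed snapshot."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return scan_proc(root)


if __name__ == "__main__":
    for f in scan_sample():
        print(f["pid"], f["exe"], "; ".join(f["reasons"]))
```

Daemons that rewrite their own process title will also show up, so the allowlist needs tuning per platform before the output is used for alerting.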
39.
http://www.youtube.com/watch?v=M2jxLDz5gE4
40.
• Quarterly webcasts: Industry leaders presenting cutting-edge topics
• Blogs, whitepapers, and other industry resources
• Webcast archives for on-demand viewing
HTTP://WWW.HACKINGEXPOSED7.COM
41.
CrowdStrike is a security technology company focused on helping enterprises and governments protect their most sensitive IP. CrowdStrike encompasses three core offerings: Services, Intelligence, and Technology.
For Incident Response services: http://www.crowdstrike.com/services.html
For Intelligence as a Service: Email us at intelligence@crowdstrike.com
Technology (Coming soon): If you have interest in being a beta customer send your request to beta@crowdstrike.com
Website: www.crowdstrike.com
@CrowdStrike
Blog: http://blog.crowdstrike.com
facebook.com/crowdstrike
youtube.com/crowdstrike
42.
Q&A